The ticket description could still do a better job of explaining what needs to be done. For example, as is, I might just say that it is already possible to point an Agent at a certificate store using WebClientContextFactory and the pyOpenSSL Context APIs. What do you think is necessary beyond that to resolve this ticket?

Hmm. Good point. The issue here is that this always ought to be done by default; as it was phrased previously this was not clear at all.

Legend:

Property
Summary
changed from
certificate validation against natively-configured certificate authorities for HTTPS URLs in twisted.web.client.Agent
to
validate against platform-trusted certificate authorities by default for HTTPS URLs in twisted.web.client.Agent

It should be possible to use the platform's native list of certificate authorities as the trust root for HTTPS client connections from Agent.request.

1

HTTPS client connections from Agent.request should use the platform's native list of certificate authorities as the trust root by default.

2

2

3

3

This ticket is only for fixing `Agent` to actually point at the certificate store API we come up with; [ticket:5446 there is another ticket for actually implementing that store] which is really the hard part here.